Enable event logs in AWS
Configure your AWS S3 bucket to receive continuous replication of IAM service event logs from Atlan, enabling real-time security monitoring and SIEM integration.
Prerequisites
You need:
- AWS account with S3 bucket access and appropriate permissions
- Bucket versioning enabled on both source and destination buckets (see AWS documentation)
- Account ID, bucket name, and region details
Set up S3 bucket replication
-
Provide your bucket details to Atlan (account ID, bucket name, and region).
- Atlan uses these details to create an IAM role on their side
-
Receive the bucket policy from Atlan.
- The policy includes the Atlan Role ARN and required S3 actions
-
Attach the bucket policy to your destination S3 bucket.
The policy grants Atlan permissions to replicate objects:
{
"Version": "2012-10-17",
"Id": "",
"Statement": [
{
"Sid": "Set-permissions-for-objects",
"Effect": "Allow",
"Principal": {
"AWS": "<Atlan Role ARN>"
},
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:GetBucketVersioning",
"s3:PutBucketVersioning"
],
"Resource": [
"arn:aws:s3:::<Customer S3 Bucket Name>/*",
"arn:aws:s3:::<Customer S3 Bucket Name>"
]
}
]
} -
Confirm that the bucket policy has been successfully attached.
- Notify Atlan support once the policy is in place
-
Atlan completes the final setup.
- Atlan support configures replication on their side
Verify continuous replication
Application audit logs stream to Atlan's S3 bucket in near real time (within 10 seconds of generation). Once logs are available in Atlan's bucket, they replicate to your organization's S3 bucket within 15 minutes. Replication is ongoing without delays, ensuring logs are continuously transferred as they're generated.
Logs are stored in your S3 bucket with the following folder structure:
/year=YYYY/month=MM/day=DD/hour=HH/logs_<rnd-9-digit-int>.json.gz
Each file is saved hourly in gzip format containing multiple log entries in JSON format.
See also
- Cloud logging and monitoring: Understand log format, structure, and security details.